CL Site Malware thread (fixed, please let us know if you see issues)

Reply Subscribe

Thread Tools

Search this Thread

Nov 4, 2012 | 02:57 PM

Briano7

Thread Starter

Driver School Candidate

Joined: Sep 2012

Posts: 37

Likes: 0

From: FL

CL Site Malware thread (fixed, please let us know if you see issues)

I'm not sure where to post this but
Starting yesterday, the 3rd, when I sign on to Club Lexus Forum I get a popup warning from Norton Security saying:
Norton blocked an attack by:
EXPLOIT TOOLKIT
WEBSITE 33

Details:
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-11-04 17:30:28,High,An intrusion attempt by dnsserv.ssrsystems.com was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 33,No Action Required,No Action Required,"dnsserv.ssrsystems.com (213.179.207.140, 80)",dnsserv.ssrsystems.com/dhFJwR?leETD=31,"OWNER-PC (192.168.1.68, 51765)",213.179.207.140 (213.179.207.140),"TCP, www-http"
Network traffic from dnsserv.ssrsystems.com/dhFJwR?leETD=31 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.

Just thought you ought to know.
It's supposed to be nasty.

Nov 4, 2012 | 06:16 PM

YeA 2jZ

Lexus Fanatic

iTrader: (15)

Joined: Apr 2005

Posts: 5,251

Likes: 3

From: SC Land, FL

Getting a Trojan warning in main SC Forum

When I reload the main & SC300/400 forum page I keep getting a "warning detected" "trojan" warning from my AVG. Its only been happening today ?

Last edited by YeA 2jZ; Nov 4, 2012 at 08:05 PM.

Nov 4, 2012 | 06:27 PM

m1964

Intermediate

Joined: Feb 2012

Posts: 280

Likes: 6

From: NY

any one else got the message?

While browsing this forum, I got a message from my antivirus program saying it blocked an attack on my computer-happened today, more then once on both work laptop and home desktop, with different anti-virus software....

Nov 4, 2012 | 06:59 PM

YeA 2jZ

Lexus Fanatic

iTrader: (15)

Joined: Apr 2005

Posts: 5,251

Likes: 3

From: SC Land, FL

Nov 4, 2012 | 07:22 PM

LexBob2

Lexus Champion

Joined: Aug 2006

Posts: 12,610

Likes: 289

From: Illinois

Quote:

Originally Posted by m1964

I've been getting it regularly too.

Nov 4, 2012 | 07:43 PM

RXSF

CL Community Team

Joined: Aug 2006

Posts: 12,577

Likes: 234

From: San Francisco, CA

Interesting. I am going to move or create a link to the site problems subforum so that Dave can be aware of the problem if he isnt already

Nov 4, 2012 | 07:46 PM

GRPFAN

Pole Position

Joined: Nov 2011

Posts: 396

Likes: 1

From: Wisconsin

Quote:

Originally Posted by RXSF

Interesting. I am going to move or create a link to the site problems subforum so that Dave can be aware of the problem if he isnt already

I get a message that says" This site uses Java to view"
I ignore it and it's fine.

Toyota and Lexus Join Mille Miglia For The First Time

Verdad Gallardo

Lexus NX 350h: A Fuel-Sipping Secret Hot Hatch???

Michael S. Palmer

5 Best & 5 Worst Lexus Daily Drivers

Joe Kucinski

Top 5 Hottest Lexus & Toyotas in 2026 (Hardest To Buy)

Brett Foote

2026 Lexus IS 350 F Sport Review: The Last of Its Kind Still Rocks

Michael S. Palmer

Top 10 Most Confusing Things Lexus Has Ever Done!

Joe Kucinski

2026 Lexus ES Review: Lexus Re-Embraces Founding Principles

Michael S. Palmer

10 Lexus Bargains That are Cheaper Than a New Toyota RAV4

Joe Kucinski

8 Weirdest Things Lexus Has Ever Built

Verdad Gallardo

10 Lexus Designs That Have Aged Like Fine Wine

Verdad Gallardo

Nov 4, 2012 | 09:25 PM

Supraman16

Advanced

iTrader: (5)

Joined: Apr 2001

Posts: 587

Likes: 42

From: Burbank, CA

I got infected from the FBI/Moneypak Malware virus this morning when I came to the clublexus forums. I managed to get rid of it by booting in Safe Mode and running MalwareBytes and then I got rid of Java to prevent it from getting into my computer. After that, I came back to ClubLexus and sure enough, you can tell there are some "data" (likely the virus again) that's trying to download into my computer. I think there is a virus tagged to clublexus.

Nov 4, 2012 | 09:50 PM

#10

DaveGS4

Administrator Emeritus

iTrader: (2)

Joined: Feb 2001

Posts: 31,944

Likes: 2,738

From: North Carolina

Thanks all, I've sent this along to the tech folks. I'm sure any additional details you can provide (was it the same page each time?) will be helpful as are screen shots like yea posted (thanks)

Merged similar threads

Last edited by DaveGS4; Nov 4, 2012 at 09:54 PM.

Nov 5, 2012 | 03:18 AM

#11

Briano7

Thread Starter

Driver School Candidate

Joined: Sep 2012

Posts: 37

Likes: 0

From: FL

I get the warning when I click the FORUMS button or the SPONSORS button.

Nov 5, 2012 | 04:43 AM

#12

TripleL

No Substitute

Joined: Nov 2005

Posts: 2,828

Likes: 75

From: RI

Same here noticed it started Sunday night.

Posting what I recieved, hope it helps.

Code:

 
239	11/4/2012 8:01:48 PM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	64006	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	dnsserv.ssrsystems.com/dhFJwR?leETD=31		1	11/4/2012 8:01:35 PM	11/4/2012 8:01:35 PM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
240	11/4/2012 8:01:59 PM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	64167	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	dnsserv.ssrsystems.com/dhFJwR?leETD=31		1	11/4/2012 8:02:00 PM	11/4/2012 8:02:00 PM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
241	11/4/2012 8:03:39 PM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	64249	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	moloko.net-transfer.info/dhFJwR?leETD=31	1	11/4/2012 8:03:28 PM	11/4/2012 8:03:28 PM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
242	11/5/2012 7:26:15 AM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	49356	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	rokko.poundstone.co.uk/dhFJwR?leETD=31		2	11/5/2012 7:25:02 AM	11/5/2012 7:25:12 AM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
243	11/5/2012 7:28:40 AM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	49395	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	rokko.poundstone.co.uk/dhFJwR?leETD=31		1	11/5/2012 7:27:37 AM	11/5/2012 7:27:37 AM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
244	11/5/2012 7:34:54 AM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	49500	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	rokko.poundstone.co.uk/dhFJwR?leETD=31		1	11/5/2012 7:33:53 AM	11/5/2012 7:33:53 AM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

Attached Thumbnails

CL Site Malware thread (fixed, please let us know if you see issues)-cl-concern.jpg

Last edited by TripleL; Nov 5, 2012 at 05:04 AM.

Nov 5, 2012 | 06:24 AM

#13

Robb M.

Internet Brands

Joined: Mar 2010

Posts: 64

Likes: 119

From: ON

Are you all using IE?

Nov 5, 2012 | 07:26 AM

#14

neurocity

Not quite my tempo

iTrader: (17)

Joined: Jan 2006

Posts: 10,093

Likes: 975

From: Chicago

I just got nailed, on iPad now while I run Malwarebytes to clean in safe mode.

Wtf!? I never get hit with stuff, first time in like ten years, on my work laptop no less. This was fast as hell too... Like I just clicked on the main forum page and then this just popped up. I can only imagine what's nailing everyone else.

Windows seven 64bit, Mozilla latest release. Norton.

Nov 5, 2012 | 08:27 AM

#15

Lil4X

Out of Warranty

Joined: Aug 2001

Posts: 14,925

Likes: 13

From: Houston, Republic of Texas

Got the same Norton flags yesterday and today, CL has become unstable. I'm shutting down to run Malwarebytes too.

W/7, Firefox, Norton, on Comcast

Reply Share

First
Prev
1 / 12
Next
Last

Forum Jump

CL Site Malware thread (fixed, please let us know if you see issues)

CL Site Malware thread (fixed, please let us know if you see issues)

Trending Topics

Toyota and Lexus Join Mille Miglia For The First Time

Lexus NX 350h: A Fuel-Sipping Secret Hot Hatch???

5 Best & 5 Worst Lexus Daily Drivers

Top 5 Hottest Lexus & Toyotas in 2026 (Hardest To Buy)

2026 Lexus IS 350 F Sport Review: The Last of Its Kind Still Rocks

Top 10 Most Confusing Things Lexus Has Ever Done!

2026 Lexus ES Review: Lexus Re-Embraces Founding Principles

10 Lexus Bargains That are Cheaper Than a New Toyota RAV4

8 Weirdest Things Lexus Has Ever Built

10 Lexus Designs That Have Aged Like Fine Wine